Resource assignment
You can assign resources, create project routing rules for Active Directory and Okta Universal Directory accounts, and modify SaaS app settings.
Before you begin
Ensure that you have the Okta Privileged Access resource admin role.
Assign Okta Universal Directory accounts to projects
-
On the Okta Privileged Access dashboard, go to .
-
Select the Okta Universal Directory tab.
-
Click Assign account on the app instance you want to assign to a resource group.
-
On the dialog that appears, select a Resource group and Project.
-
Optional. Rotate passwords upon assignment is enabled by default. Click the checkbox to disable it.
-
Click Assign.
You can view the assigned account in resource groups.
Set up Active Directory account rule settings.
See Configure individual account rule settings.
Change rotation strategy for SaaS apps
Use the password rotation strategy with custom SCIM connectors to support rotating passwords for accounts in on-premise apps that require the account's current password to perform a rotation.
-
On the Okta Privileged Access dashboard, go to .
-
Select SaaS Apps tab.
-
Click the Actions menu, and then click Change rotation strategy. With the standard setting, only the new password is sent to the SCIM connector. If the concatenated setting is enabled, both current and new passwords are sent together in the following format: "<length of current password>;<current password><new password>". Custom SCIM connectors must unpack the concatenated passwords to perform password rotation in the downstream app.
To use the concatenated strategy, you must build your own SCIM connectors.
-
On the dialog that appears, select Standard or Concatenated.
-
Click Continue.